diff --git a/src/wan24-Crypto-BC/AsymmetricBcEcDiffieHellmanAlgorithm.cs b/src/wan24-Crypto-BC/AsymmetricBcEcDiffieHellmanAlgorithm.cs
index d0b6a25..d9e1931 100644
--- a/src/wan24-Crypto-BC/AsymmetricBcEcDiffieHellmanAlgorithm.cs
+++ b/src/wan24-Crypto-BC/AsymmetricBcEcDiffieHellmanAlgorithm.cs
@@ -74,6 +74,10 @@ protected override ECKeyGenerationParameters CreateKeyGenParameters(SecureRandom
=> new(parameters, random);
///
- protected override ECDomainParameters GetEngineParameters(CryptoOptions options) => BcEllipticCurves.GetCurve(options.AsymmetricKeyBits);
+ protected override ECDomainParameters GetEngineParameters(CryptoOptions options)
+ {
+ EnsureAllowedCurve(options.AsymmetricKeyBits);
+ return BcEllipticCurves.GetCurve(options.AsymmetricKeyBits);
+ }
}
}
diff --git a/src/wan24-Crypto-BC/AsymmetricBcEcDiffieHellmanPrivateKey.cs b/src/wan24-Crypto-BC/AsymmetricBcEcDiffieHellmanPrivateKey.cs
index 7b28b53..525f639 100644
--- a/src/wan24-Crypto-BC/AsymmetricBcEcDiffieHellmanPrivateKey.cs
+++ b/src/wan24-Crypto-BC/AsymmetricBcEcDiffieHellmanPrivateKey.cs
@@ -47,7 +47,8 @@ public override (byte[] Key, byte[] KeyExchangeData) GetKeyExchangeData(IAsymmet
try
{
EnsureUndisposed();
- if (CryptoHelper.StrictPostQuantumSafety) throw new InvalidOperationException($"Post quantum safety-forced - {Algorithm.Name} isn't post quantum");
+ Algorithm.EnsureAllowed();
+ EnsureAllowedCurve();
publicKey ??= options?.PublicKey ?? options?.PrivateKey?.PublicKey ?? PublicKey;
if (publicKey is not AsymmetricBcEcDiffieHellmanPublicKey key) throw new ArgumentException($"Public {Algorithm.Name} key required", nameof(publicKey));
return (DeriveKey(publicKey), PublicKey.KeyData.Array.CloneArray());
@@ -67,7 +68,7 @@ public override byte[] DeriveKey(byte[] keyExchangeData)
try
{
EnsureUndisposed();
- if (CryptoHelper.StrictPostQuantumSafety) throw new InvalidOperationException($"Post quantum safety-forced - {Algorithm.Name} isn't post quantum");
+ EnsurePqcRequirement();
using AsymmetricBcEcDiffieHellmanPublicKey publicKey = new(keyExchangeData);
return DeriveKey(publicKey as IAsymmetricPublicKey);
}
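Review bot: `DeriveKey(byte[])` enforces only `EnsurePqcRequirement()`, while `GetKeyExchangeData` in the previous hunk now calls `Algorithm.EnsureAllowed()` and `EnsureAllowedCurve()`, so the two directions of the same key agreement apply different policy. If the deny list is meant to retire an algorithm or curve, a key can presumably still be derived from exchange data sent by a peer that uses it. The same pattern is in `DeriveKey(IAsymmetricPublicKey)` in the next hunk and in the `DeriveKey` hunks of AsymmetricX25519PrivateKey.cs and AsymmetricX448PrivateKey.cs, where only the algorithm check would apply. If this is intentional, say so next to the call, e.g. `// Deny list is not enforced when deriving; only the PQC requirement applies`; otherwise add `Algorithm.EnsureAllowed();` and `EnsureAllowedCurve();` after `EnsureUndisposed();`. The method body starts and ends outside the hunk.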
@@ -83,7 +84,7 @@ public override byte[] DeriveKey(IAsymmetricPublicKey publicKey)
try
{
EnsureUndisposed();
- if (CryptoHelper.StrictPostQuantumSafety) throw new InvalidOperationException($"Post quantum safety-forced - {Algorithm.Name} isn't post quantum");
+ EnsurePqcRequirement();
if (publicKey is not AsymmetricBcEcDiffieHellmanPublicKey key) throw new ArgumentException($"Public {Algorithm.Name} key required", nameof(publicKey));
ECDHBasicAgreement agreement = new();
agreement.Init(PrivateKey);
diff --git a/src/wan24-Crypto-BC/AsymmetricBcEcDsaAlgorithm.cs b/src/wan24-Crypto-BC/AsymmetricBcEcDsaAlgorithm.cs
index ba8e8da..f2a1c65 100644
--- a/src/wan24-Crypto-BC/AsymmetricBcEcDsaAlgorithm.cs
+++ b/src/wan24-Crypto-BC/AsymmetricBcEcDsaAlgorithm.cs
@@ -74,6 +74,10 @@ protected override ECKeyGenerationParameters CreateKeyGenParameters(SecureRandom
=> new(parameters, random);
///
- protected override ECDomainParameters GetEngineParameters(CryptoOptions options) => BcEllipticCurves.GetCurve(options.AsymmetricKeyBits);
+ protected override ECDomainParameters GetEngineParameters(CryptoOptions options)
+ {
+ EnsureAllowedCurve(options.AsymmetricKeyBits);
+ return BcEllipticCurves.GetCurve(options.AsymmetricKeyBits);
+ }
}
}
diff --git a/src/wan24-Crypto-BC/AsymmetricBcEcDsaPrivateKey.cs b/src/wan24-Crypto-BC/AsymmetricBcEcDsaPrivateKey.cs
index 7a28709..d7462f9 100644
--- a/src/wan24-Crypto-BC/AsymmetricBcEcDsaPrivateKey.cs
+++ b/src/wan24-Crypto-BC/AsymmetricBcEcDsaPrivateKey.cs
@@ -66,7 +66,8 @@ public override byte[] SignHashRaw(byte[] hash)
try
{
EnsureUndisposed();
- if (CryptoHelper.StrictPostQuantumSafety) throw new InvalidOperationException($"Post quantum safety-forced - {Algorithm.Name} isn't post quantum");
+ Algorithm.EnsureAllowed();
+ EnsureAllowedCurve();
DsaDigestSigner signer = new(new ECDsaSigner(), new NullDigest());
signer.Init(forSigning: true, PrivateKey);
signer.BlockUpdate(hash);
diff --git a/src/wan24-Crypto-BC/AsymmetricEd25519Algorithm.cs b/src/wan24-Crypto-BC/AsymmetricEd25519Algorithm.cs
index 06fc190..23a6f68 100644
--- a/src/wan24-Crypto-BC/AsymmetricEd25519Algorithm.cs
+++ b/src/wan24-Crypto-BC/AsymmetricEd25519Algorithm.cs
@@ -74,6 +74,7 @@ public override AsymmetricEd25519PrivateKey CreateKeyPair(CryptoOptions? options
{
try
{
+ EnsureAllowed();
options ??= DefaultOptions;
if (!options.AsymmetricKeyBits.In(AllowedKeySizes)) throw new ArgumentException("Invalid key size", nameof(options));
Ed25519KeyPairGenerator keyGen = new();
diff --git a/src/wan24-Crypto-BC/AsymmetricEd448Algorithm.cs b/src/wan24-Crypto-BC/AsymmetricEd448Algorithm.cs
index aadfa80..c2e5246 100644
--- a/src/wan24-Crypto-BC/AsymmetricEd448Algorithm.cs
+++ b/src/wan24-Crypto-BC/AsymmetricEd448Algorithm.cs
@@ -75,6 +75,7 @@ public override AsymmetricEd448PrivateKey CreateKeyPair(CryptoOptions? options =
{
try
{
+ EnsureAllowed();
options ??= DefaultOptions;
if (!options.AsymmetricKeyBits.In(AllowedKeySizes)) throw new ArgumentException("Invalid key size", nameof(options));
Ed448KeyPairGenerator keyGen = new();
diff --git a/src/wan24-Crypto-BC/AsymmetricSNtruPrimeAlgorithm.cs b/src/wan24-Crypto-BC/AsymmetricSNtruPrimeAlgorithm.cs
index 85c3748..93b66be 100644
--- a/src/wan24-Crypto-BC/AsymmetricSNtruPrimeAlgorithm.cs
+++ b/src/wan24-Crypto-BC/AsymmetricSNtruPrimeAlgorithm.cs
@@ -76,6 +76,7 @@ public override AsymmetricSNtruPrimePrivateKey CreateKeyPair(CryptoOptions? opti
{
try
{
+ EnsureAllowed();
options ??= DefaultOptions;
if (!options.AsymmetricKeyBits.In(AllowedKeySizes)) throw new ArgumentException("Invalid key size", nameof(options));
SNtruPrimeKeyPairGenerator keyGen = new();
diff --git a/src/wan24-Crypto-BC/AsymmetricX25519Algorithm.cs b/src/wan24-Crypto-BC/AsymmetricX25519Algorithm.cs
index 4079781..167b95e 100644
--- a/src/wan24-Crypto-BC/AsymmetricX25519Algorithm.cs
+++ b/src/wan24-Crypto-BC/AsymmetricX25519Algorithm.cs
@@ -74,6 +74,7 @@ public override AsymmetricX25519PrivateKey CreateKeyPair(CryptoOptions? options
{
try
{
+ EnsureAllowed();
options ??= DefaultOptions;
if (!options.AsymmetricKeyBits.In(AllowedKeySizes)) throw new ArgumentException("Invalid key size", nameof(options));
X25519KeyPairGenerator keyGen = new();
diff --git a/src/wan24-Crypto-BC/AsymmetricX25519PrivateKey.cs b/src/wan24-Crypto-BC/AsymmetricX25519PrivateKey.cs
index 19579f2..d6d6e4d 100644
--- a/src/wan24-Crypto-BC/AsymmetricX25519PrivateKey.cs
+++ b/src/wan24-Crypto-BC/AsymmetricX25519PrivateKey.cs
@@ -46,7 +46,7 @@ public override (byte[] Key, byte[] KeyExchangeData) GetKeyExchangeData(IAsymmet
try
{
EnsureUndisposed();
- if (CryptoHelper.StrictPostQuantumSafety) throw new InvalidOperationException($"Post quantum safety-forced - {Algorithm.Name} isn't post quantum");
+ Algorithm.EnsureAllowed();
publicKey ??= options?.PublicKey ?? options?.PrivateKey?.PublicKey ?? PublicKey;
if (publicKey is not AsymmetricX25519PublicKey key) throw new ArgumentException($"Public {Algorithm.Name} key required", nameof(publicKey));
return (DeriveKey(publicKey), PublicKey.KeyData.Array.CloneArray());
@@ -66,7 +66,7 @@ public override byte[] DeriveKey(byte[] keyExchangeData)
try
{
EnsureUndisposed();
- if (CryptoHelper.StrictPostQuantumSafety) throw new InvalidOperationException($"Post quantum safety-forced - {Algorithm.Name} isn't post quantum");
+ EnsurePqcRequirement();
using AsymmetricX25519PublicKey publicKey = new(keyExchangeData);
return DeriveKey(publicKey as IAsymmetricPublicKey);
}
@@ -82,7 +82,7 @@ public override byte[] DeriveKey(IAsymmetricPublicKey publicKey)
try
{
EnsureUndisposed();
- if (CryptoHelper.StrictPostQuantumSafety) throw new InvalidOperationException($"Post quantum safety-forced - {Algorithm.Name} isn't post quantum");
+ EnsurePqcRequirement();
if (publicKey is not AsymmetricX25519PublicKey key) throw new ArgumentException($"Public {Algorithm.Name} key required", nameof(publicKey));
X25519Agreement agreement = new();
agreement.Init(PrivateKey);
diff --git a/src/wan24-Crypto-BC/AsymmetricX448Algorithm.cs b/src/wan24-Crypto-BC/AsymmetricX448Algorithm.cs
index c02c03b..f55eb07 100644
--- a/src/wan24-Crypto-BC/AsymmetricX448Algorithm.cs
+++ b/src/wan24-Crypto-BC/AsymmetricX448Algorithm.cs
@@ -75,6 +75,7 @@ public override AsymmetricX448PrivateKey CreateKeyPair(CryptoOptions? options =
{
try
{
+ EnsureAllowed();
options ??= DefaultOptions;
if (!options.AsymmetricKeyBits.In(AllowedKeySizes)) throw new ArgumentException("Invalid key size", nameof(options));
X448KeyPairGenerator keyGen = new();
diff --git a/src/wan24-Crypto-BC/AsymmetricX448PrivateKey.cs b/src/wan24-Crypto-BC/AsymmetricX448PrivateKey.cs
index aa9c58f..ade2471 100644
--- a/src/wan24-Crypto-BC/AsymmetricX448PrivateKey.cs
+++ b/src/wan24-Crypto-BC/AsymmetricX448PrivateKey.cs
@@ -67,7 +67,7 @@ public override (byte[] Key, byte[] KeyExchangeData) GetKeyExchangeData(IAsymmet
try
{
EnsureUndisposed();
- if (CryptoHelper.StrictPostQuantumSafety) throw new InvalidOperationException($"Post quantum safety-forced - {Algorithm.Name} isn't post quantum");
+ Algorithm.EnsureAllowed();
publicKey ??= options?.PublicKey ?? options?.PrivateKey?.PublicKey ?? PublicKey;
if (publicKey is not AsymmetricX448PublicKey key) throw new ArgumentException($"Public {Algorithm.Name} key required", nameof(publicKey));
return (DeriveKey(publicKey), PublicKey.KeyData.Array.CloneArray());
@@ -87,7 +87,7 @@ public override byte[] DeriveKey(byte[] keyExchangeData)
try
{
EnsureUndisposed();
- if (CryptoHelper.StrictPostQuantumSafety) throw new InvalidOperationException($"Post quantum safety-forced - {Algorithm.Name} isn't post quantum");
+ EnsurePqcRequirement();
using AsymmetricX448PublicKey publicKey = new(keyExchangeData);
return DeriveKey(publicKey as IAsymmetricPublicKey);
}
@@ -103,7 +103,7 @@ public override byte[] DeriveKey(IAsymmetricPublicKey publicKey)
try
{
EnsureUndisposed();
- if (CryptoHelper.StrictPostQuantumSafety) throw new InvalidOperationException($"Post quantum safety-forced - {Algorithm.Name} isn't post quantum");
+ EnsurePqcRequirement();
if (publicKey is not AsymmetricX448PublicKey key) throw new ArgumentException($"Public {Algorithm.Name} key required", nameof(publicKey));
X448Agreement agreement = new();
agreement.Init(PrivateKey);
diff --git a/src/wan24-Crypto-BC/AsymmetricXEd25519Algorithm.cs b/src/wan24-Crypto-BC/AsymmetricXEd25519Algorithm.cs
index 080521d..d384e39 100644
--- a/src/wan24-Crypto-BC/AsymmetricXEd25519Algorithm.cs
+++ b/src/wan24-Crypto-BC/AsymmetricXEd25519Algorithm.cs
@@ -74,6 +74,7 @@ public override AsymmetricXEd25519PrivateKey CreateKeyPair(CryptoOptions? option
{
try
{
+ EnsureAllowed();
options ??= DefaultOptions;
if (!options.AsymmetricKeyBits.In(AllowedKeySizes)) throw new ArgumentException("Invalid key size", nameof(options));
Ed25519KeyPairGenerator keyGen = new();
diff --git a/src/wan24-Crypto-BC/AsymmetricXEd25519PrivateKey.cs b/src/wan24-Crypto-BC/AsymmetricXEd25519PrivateKey.cs
index 399e5fc..e83055d 100644
--- a/src/wan24-Crypto-BC/AsymmetricXEd25519PrivateKey.cs
+++ b/src/wan24-Crypto-BC/AsymmetricXEd25519PrivateKey.cs
@@ -86,7 +86,7 @@ public override (byte[] Key, byte[] KeyExchangeData) GetKeyExchangeData(IAsymmet
try
{
EnsureUndisposed();
- if (CryptoHelper.StrictPostQuantumSafety) throw new InvalidOperationException($"Post quantum safety-forced - {Algorithm.Name} isn't post quantum");
+ Algorithm.EnsureAllowed();
publicKey ??= options?.PublicKey ?? options?.PrivateKey?.PublicKey ?? PublicKey;
if (publicKey is not AsymmetricXEd25519PublicKey key) throw new ArgumentException($"Public {Algorithm.Name} key required", nameof(publicKey));
return GetX25519Key().GetKeyExchangeData(key._PublicKey2 ?? throw new InvalidOperationException(), options);
diff --git a/src/wan24-Crypto-BC/AsymmetricXEd448Algorithm.cs b/src/wan24-Crypto-BC/AsymmetricXEd448Algorithm.cs
index b5846fd..c587a37 100644
--- a/src/wan24-Crypto-BC/AsymmetricXEd448Algorithm.cs
+++ b/src/wan24-Crypto-BC/AsymmetricXEd448Algorithm.cs
@@ -3,6 +3,7 @@
using Org.BouncyCastle.Crypto.Parameters;
using Org.BouncyCastle.Security;
using System.Collections.Frozen;
+using System.Security;
using wan24.Core;
namespace wan24.Crypto.BC
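Review bot: The added `using System.Security;` does not appear to be needed. The only other change to this file is the `EnsureAllowed();` call in the next hunk, and the unchanged code compiled without the directive. The same directive is added to AsymmetricXEd448PrivateKey.cs. Unless something outside the visible hunks uses it, drop both lines.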
@@ -75,6 +76,7 @@ public override AsymmetricXEd448PrivateKey CreateKeyPair(CryptoOptions? options
{
try
{
+ EnsureAllowed();
options ??= DefaultOptions;
if (!options.AsymmetricKeyBits.In(AllowedKeySizes)) throw new ArgumentException("Invalid key size", nameof(options));
Ed448KeyPairGenerator keyGen = new();
diff --git a/src/wan24-Crypto-BC/AsymmetricXEd448PrivateKey.cs b/src/wan24-Crypto-BC/AsymmetricXEd448PrivateKey.cs
index 4b6fc49..0095d3b 100644
--- a/src/wan24-Crypto-BC/AsymmetricXEd448PrivateKey.cs
+++ b/src/wan24-Crypto-BC/AsymmetricXEd448PrivateKey.cs
@@ -1,6 +1,7 @@
using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.Crypto.Parameters;
using Org.BouncyCastle.Crypto.Signers;
+using System.Security;
using wan24.Core;
namespace wan24.Crypto.BC
@@ -95,7 +96,7 @@ public override (byte[] Key, byte[] KeyExchangeData) GetKeyExchangeData(IAsymmet
try
{
EnsureUndisposed();
- if (CryptoHelper.StrictPostQuantumSafety) throw new InvalidOperationException($"Post quantum safety-forced - {Algorithm.Name} isn't post quantum");
+ Algorithm.EnsureAllowed();
publicKey ??= options?.PublicKey ?? options?.PrivateKey?.PublicKey ?? PublicKey;
if (publicKey is not AsymmetricXEd448PublicKey key) throw new ArgumentException($"Public {Algorithm.Name} key required", nameof(publicKey));
return GetX448Key().GetKeyExchangeData(key._PublicKey2 ?? throw new InvalidOperationException(), options);
diff --git a/src/wan24-Crypto-BC/BcEllipticCurves.cs b/src/wan24-Crypto-BC/BcEllipticCurves.cs
index d51842b..83e8163 100644
--- a/src/wan24-Crypto-BC/BcEllipticCurves.cs
+++ b/src/wan24-Crypto-BC/BcEllipticCurves.cs
@@ -26,7 +26,7 @@ public static class BcEllipticCurves
///
/// Curve name
/// Key size in bits
- public static int GetKeySize(ECDomainParameters curve)
+ public static int GetKeySize(in ECDomainParameters curve)
{
if (curve.Equals(SECP256R1_CURVE)) return EllipticCurves.SECP256R1_KEY_SIZE;
if (curve.Equals(SECP384R1_CURVE)) return EllipticCurves.SECP384R1_KEY_SIZE;
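Review bot: The `in` modifier added to `GetKeySize`, and to `GetCurve`, `IsCurveAllowed` and `DenyCurve` in the next hunk, buys nothing here. `ECDomainParameters` is a reference type and `int` is four bytes, so passing by read-only reference only adds an indirection. It also changes the compiled signature of two existing public methods, which is a binary-breaking change for assemblies built against 3.3.0. I would keep `public static int GetKeySize(ECDomainParameters curve)` and `public static ECDomainParameters GetCurve(int bits)`. The body of `GetKeySize` continues outside the hunk.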
@@ -39,12 +39,25 @@ public static int GetKeySize(ECDomainParameters curve)
///
/// Key size in bits
/// Curve name
- public static ECDomainParameters GetCurve(int bits) => bits switch
+ public static ECDomainParameters GetCurve(in int bits) => bits switch
{
EllipticCurves.SECP256R1_KEY_SIZE => SECP256R1_CURVE,
EllipticCurves.SECP384R1_KEY_SIZE => SECP384R1_CURVE,
EllipticCurves.SECP521R1_KEY_SIZE => SECP521R1_CURVE,
_ => throw new ArgumentException("Unknown key size", nameof(bits))
};
+
+ ///
+ /// Determine if an elliptic curve is allowed
+ ///
+ /// Curve
+ /// If the elliptic curve is allowed
+ public static bool IsCurveAllowed(in ECDomainParameters curve) => EllipticCurves.IsCurveAllowed(GetKeySize(curve));
+
+ ///
+ /// Deny an elliptic curve
+ ///
+ /// Curve
+ public static void DenyCurve(in ECDomainParameters curve) => EllipticCurves.DenyCurve(GetKeySize(curve));
}
}
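Review bot: `IsCurveAllowed` and `DenyCurve` identify the curve only through `GetKeySize(curve)`, so their XML comments should say that the decision is made per key size. They should also say what happens for an `ECDomainParameters` instance that is not one of the supported curves; the fallback of `GetKeySize` is outside this hunk. I would add an `<exception>` element to both comments for that case. `DenyCurve` also deserves a remark that it changes the policy held by `EllipticCurves` rather than anything local to the caller.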
diff --git a/src/wan24-Crypto-BC/BouncyCastle.cs b/src/wan24-Crypto-BC/BouncyCastle.cs
index cfd20fd..422cfca 100644
--- a/src/wan24-Crypto-BC/BouncyCastle.cs
+++ b/src/wan24-Crypto-BC/BouncyCastle.cs
@@ -1,4 +1,8 @@
-namespace wan24.Crypto.BC
+
+//TODO Add v2 SEIPD encryption algorithms as an alternate to AEAD
+//TODO Add Argon2 S2K KDF algorithm
+
+namespace wan24.Crypto.BC
{
///
/// Bouncy Castle helper
diff --git a/src/wan24-Crypto-BC/BouncyCastleAeadCipherAlgorithmBase.cs b/src/wan24-Crypto-BC/BouncyCastleAeadCipherAlgorithmBase.cs
index 16e9434..04810f9 100644
--- a/src/wan24-Crypto-BC/BouncyCastleAeadCipherAlgorithmBase.cs
+++ b/src/wan24-Crypto-BC/BouncyCastleAeadCipherAlgorithmBase.cs
@@ -31,6 +31,7 @@ protected sealed override ICryptoTransform GetEncryptor(Stream cipherData, Crypt
{
try
{
+ EnsureAllowed();
IBufferedCipher cipher = CreateCipher(forEncryption: true, options);
byte[] iv = CreateIvBytes();
cipher.Init(forEncryption: true, CreateParameters(iv, options));
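Review bot: `EnsureAllowed()` is added to `GetEncryptor` and, in the next hunk, to `GetEncryptorAsync`, but no hunk in this file touches the decryptor side. The same is true for BouncyCastleBlockCipherAlgorithmBase.cs. If decrypting existing data with a denied algorithm is meant to stay possible, put that in a comment on the check, e.g. `// Denied algorithms may still decrypt existing data; only encryption is blocked`. If not, the decryptor methods need the same call. The method body starts and ends outside the hunk.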
@@ -52,6 +53,7 @@ protected sealed override async Task GetEncryptorAsync(Stream
{
try
{
+ EnsureAllowed();
IBufferedCipher cipher = CreateCipher(forEncryption: true, options);
byte[] iv = CreateIvBytes();
cipher.Init(forEncryption: true, CreateParameters(iv, options));
diff --git a/src/wan24-Crypto-BC/BouncyCastleAsymmetricAlgorithmBase.cs b/src/wan24-Crypto-BC/BouncyCastleAsymmetricAlgorithmBase.cs
index a984a69..8325839 100644
--- a/src/wan24-Crypto-BC/BouncyCastleAsymmetricAlgorithmBase.cs
+++ b/src/wan24-Crypto-BC/BouncyCastleAsymmetricAlgorithmBase.cs
@@ -54,6 +54,7 @@ public override tPrivate CreateKeyPair(CryptoOptions? options = null)
{
try
{
+ EnsureAllowed();
options ??= DefaultOptions;
if (!options.AsymmetricKeyBits.In(AllowedKeySizes)) throw new ArgumentException("Invalid key size", nameof(options));
tKeyGen keyGen = new();
diff --git a/src/wan24-Crypto-BC/BouncyCastleAsymmetricNonPqcPrivateSignatureKeyBase.cs b/src/wan24-Crypto-BC/BouncyCastleAsymmetricNonPqcPrivateSignatureKeyBase.cs
index 12215ba..8e0daa0 100644
--- a/src/wan24-Crypto-BC/BouncyCastleAsymmetricNonPqcPrivateSignatureKeyBase.cs
+++ b/src/wan24-Crypto-BC/BouncyCastleAsymmetricNonPqcPrivateSignatureKeyBase.cs
@@ -53,6 +53,8 @@ public override byte[] SignHashRaw(byte[] hash)
try
{
EnsureUndisposed();
+ Algorithm.EnsureAllowed();
+ EnsureAllowedCurve();
tSigner signer = new();
signer.Init(forSigning: true, PrivateKey);
signer.BlockUpdate(hash);
diff --git a/src/wan24-Crypto-BC/BouncyCastleAsymmetricNonPqcPrivateSignatureKeyBase2.cs b/src/wan24-Crypto-BC/BouncyCastleAsymmetricNonPqcPrivateSignatureKeyBase2.cs
index 7735bb6..6954764 100644
--- a/src/wan24-Crypto-BC/BouncyCastleAsymmetricNonPqcPrivateSignatureKeyBase2.cs
+++ b/src/wan24-Crypto-BC/BouncyCastleAsymmetricNonPqcPrivateSignatureKeyBase2.cs
@@ -53,6 +53,8 @@ public override byte[] SignHashRaw(byte[] hash)
try
{
EnsureUndisposed();
+ Algorithm.EnsureAllowed();
+ EnsureAllowedCurve();
tSigner signer = Activator.CreateInstance(typeof(tSigner), Array.Empty()) as tSigner
?? throw CryptographicException.From(new InvalidProgramException($"Failed to instance {typeof(tSigner)}"));
signer.Init(forSigning: true, PrivateKey);
diff --git a/src/wan24-Crypto-BC/BouncyCastleAsymmetricPqcPrivateKeyExchangeKeyBase.cs b/src/wan24-Crypto-BC/BouncyCastleAsymmetricPqcPrivateKeyExchangeKeyBase.cs
index 1a9f6d8..f69d8b5 100644
--- a/src/wan24-Crypto-BC/BouncyCastleAsymmetricPqcPrivateKeyExchangeKeyBase.cs
+++ b/src/wan24-Crypto-BC/BouncyCastleAsymmetricPqcPrivateKeyExchangeKeyBase.cs
@@ -57,6 +57,7 @@ public override (byte[] Key, byte[] KeyExchangeData) GetKeyExchangeData(IAsymmet
try
{
EnsureUndisposed();
+ Algorithm.EnsureAllowed();
publicKey ??= options?.PublicKey ?? options?.PrivateKey?.PublicKey ?? PublicKey;
if (publicKey is not tPublic key) throw new ArgumentException($"Public {Algorithm.Name} key required", nameof(publicKey));
tGenerator generator = Activator.CreateInstance(typeof(tGenerator), new SecureRandom(BouncyCastleRandomGenerator.Instance())) as tGenerator
diff --git a/src/wan24-Crypto-BC/BouncyCastleAsymmetricPqcPrivateSignatureKeyBase.cs b/src/wan24-Crypto-BC/BouncyCastleAsymmetricPqcPrivateSignatureKeyBase.cs
index 9c79861..5ccb18b 100644
--- a/src/wan24-Crypto-BC/BouncyCastleAsymmetricPqcPrivateSignatureKeyBase.cs
+++ b/src/wan24-Crypto-BC/BouncyCastleAsymmetricPqcPrivateSignatureKeyBase.cs
@@ -54,6 +54,7 @@ public sealed override byte[] SignHashRaw(byte[] hash)
try
{
EnsureUndisposed();
+ Algorithm.EnsureAllowed();
tSigner signer = new();
signer.Init(forSigning: true, PrivateKey);
return signer.GenerateSignature(hash);
diff --git a/src/wan24-Crypto-BC/BouncyCastleBlockCipherAlgorithmBase.cs b/src/wan24-Crypto-BC/BouncyCastleBlockCipherAlgorithmBase.cs
index d814917..bb16bcf 100644
--- a/src/wan24-Crypto-BC/BouncyCastleBlockCipherAlgorithmBase.cs
+++ b/src/wan24-Crypto-BC/BouncyCastleBlockCipherAlgorithmBase.cs
@@ -45,6 +45,7 @@ protected sealed override ICryptoTransform GetEncryptor(Stream cipherData, Crypt
{
try
{
+ EnsureAllowed();
IBlockCipher cipher = CreateCipher(forEncryption: true, options);
byte[] iv = CreateIvBytes();
cipher.Init(forEncryption: true, CreateParameters(iv, options));
@@ -66,6 +67,7 @@ protected sealed override async Task GetEncryptorAsync(Stream
{
try
{
+ EnsureAllowed();
IBlockCipher cipher = CreateCipher(forEncryption: true, options);
byte[] iv = CreateIvBytes();
cipher.Init(forEncryption: true, CreateParameters(iv, options));
diff --git a/src/wan24-Crypto-BC/StreamCipherRng.cs b/src/wan24-Crypto-BC/StreamCipherRng.cs
index 6288744..13adb77 100644
--- a/src/wan24-Crypto-BC/StreamCipherRng.cs
+++ b/src/wan24-Crypto-BC/StreamCipherRng.cs
@@ -43,6 +43,7 @@ public StreamCipherRng(
Algorithm = algorithm;
try
{
+ algorithm.EnsureAllowed();
if (algorithm.BlockSize != 1) throw new ArgumentException("Stream cipher required", nameof(algorithm));
if (bufferSize.HasValue && bufferSize.Value < Algorithm.IvSize)
throw new ArgumentOutOfRangeException(nameof(bufferSize), $"Min. buffer size for {algorithm.DisplayName} is {algorithm.IvSize} byte");
diff --git a/src/wan24-Crypto-BC/wan24-Crypto-BC.csproj b/src/wan24-Crypto-BC/wan24-Crypto-BC.csproj
index b9f63cd..66ec935 100644
--- a/src/wan24-Crypto-BC/wan24-Crypto-BC.csproj
+++ b/src/wan24-Crypto-BC/wan24-Crypto-BC.csproj
@@ -9,7 +9,7 @@
True
wan24-Crypto-BC
wan24-Crypto-BC
- 3.3.0
+ 3.4.0
nd1012
Andreas Zimmermann, wan24.de
wan24-Crypto-BC
@@ -33,8 +33,8 @@
-
-
+
+